HIPAA privacy and security rules
  • When a wellness program is connected to a group health plan, employers must follow HIPAA privacy and security regulations.

HIPAA’s privacy and security rules protect an individual’s health information. The privacy rule addresses how a covered entity may use and disclose this information. When an organization is covered by HIPAA, it must put safeguards in place to make sure an individual’s health information is protected.

HIPAA places restrictions on the circumstances under which a group health plan may allow an employer/plan sponsor access to personal health information (PHI), including PHI about participants in a wellness program offered through the plan, without the written authorization of the individual.

An employer may obtain a summary of health information relating to individuals in the program. This summary of information does not identify individuals, so it does not violate employee privacy. An employer may use this summary to modify a wellness program to better address employee needs and decide which health and well-being issues to emphasize.

In some cases, an employer may need to perform administrative functions for a wellness program. These functions may require access to personal health information (PHI). When this is the case, HIPAA privacy and security regulations must be followed.